Skip to main content

Terms & Conditions: Sharing your HBOGo password is risky, but worth it

terms-and-conditions-hbogoIf you love good TV, you love HBO. From back-seasons of “The Wire” to the current offering of “Game of Thrones,” the premium cable network has become a must-have luxury for boob-tube enthusiasts. Which is why its streaming app, HBOGo, has become such a hot commodity. Using HBOGo, subscribers can access all of HBO’s content anytime, anywhere. As a recent controversial piece in The New York Times points out, however, it’s not just subscribers who are getting their Go fix through the app; moochers of all stripes are gaining access to HBO’s content by using the login credentials of friends and relatives who have HBO subscriptions. Crafty a workaround as that may be, what does HBOGo’s terms of service have to say about the practice? Let’s take a look.

Terms of Service

HBOGo’s ToS are nothing to write home about – fairly easy to understand, a little long, blah, blah, blah. There’s some bits about parental controls (they exist), and plenty of warnings not to pirate HBO’s content in anyway. Important as those points may be, we’re not going to focus on them today – all we’re really interested in for this edition of T&C is answering one question: Are you allowed to use someone else’s login credentials to access HBOGo?

Related Videos

Quick and dirty

The short answer is, no – because the person who has legitimate access to HBOGo is not allowed to share the password with you. 

From the start of HBOGo’s terms, the company states that, to use the app, “you must be a subscriber with an account in good standing with an authorized television provider.” Nobody else is allowed to authorize access to HBOGo. Furthermore, the terms state that the license to use HBOGo is “non-transferable,” and that it is the account holder’s responsibility to keep the username and password to HBOGo a secret from other people.

This is a starkly different approach to password sharing than Netflix, which never really says that you aren’t allowed to share your password with other people. All Netflix says is that a “household” can only activate up to six different devices. Whether those devices are located in the same physical house, well, that seems to be a moot point for Netflix.

Dead giveaway

OK, so now that we have that disappointing news cleared up. Is it even possible for HBO to know if you are using someone else’s account to use HBOGo? Yes, it can – quite easily in fact. All the company has to do is check the IP address from which HBOGo is being accessed. From there, it can decipher who is legitimately accessing the service, and who isn’t.

That said, HBO told The New York Times reporter Jenna Wortham that it doesn’t track this kind of activity. But it could, if it wanted to. And that means it could also cancel the legitimate user’s access to HBOGo for violating the terms of service.

Downhill from here

Adding salt to the password-sharing wound is the fact that, by using someone else’s password to access HBOGo, you may in fact be breaking the law. Specifically, you would likely be violating the Computer Fraud and Abuse Act (CFAA), which prohibits “unauthorized access” to a computer.  Some experts believe that using login credentials that aren’t yours could be considered identity theft.

Take a breather

OK, so that’s all the big, bad, scary news. If you want to be safe, you really shouldn’t share your HBOGo password, and you shouldn’t use someone else’s. Both sides of that sordid equation are likely breaking the law.

Thing is, people violate companies’ terms of service all the time. Did you use a fake name on Facebook? That’s a crime under the CFAA. Did you lie about your weight on a dating website? You’re a criminal! So the question is, will you really face any consequences for violating the HBOGo terms of service? Not likely.

According to Wortham, HBO does not see password sharing a s “pervasive problem at this time.” Which means all you password-sharers are in the clear, at least for now.

Editors' Recommendations

Terms & Conditions: Reddit revamps with privacy in mind
Terms & Conditions Reddit

It's been a rough few weeks for social news giant Reddit. Thanks to some overzealous amateur detectives on the site, the Conde Nast-owned Web giant came under fire during the aftermath of the Boston Marathon bombings. Innocent people were painted as "potential suspects." The facts were skewed. And the media attacked some redditors for their irresponsible exposure of others pictures and personal information. It's fitting, then, that Reddit's staff would release an all-new privacy policy, which is set to go into effect on May 15.
True to Reddit's form, the privacy policy was posted to the site, where users were able to parse through the text, and to ask questions of attorney Lauren Gelman, who helped craft the document, as well as Reddit admins, who explained the technical side of site privacy in detail. Rather than force you to read through both the policy (which is relatively short) and the nearly 2,000 comments about it, I've summed up the most important bits below.
See the T&C review of Reddit's User Agreement here.
Privacy Policy
Thorough yet easy to read, Reddit's new privacy policy is a shining example of what these documents should look like. As site admin Jason Harvey (a.k.a. alienth) explains, the old privacy policy simply failed to "give a clear picture on how we actually approach user privacy." The new document does nearly all that can be done to correct that. Let's take a look.
Reddit, almost
The first important thing to remember is that this privacy policy only applies to Other Reddit properties, like RedditGifts, and "loosely affiliated" services, like Radio Reddit, "have their own terms, and you should review them on each service's respective website," the policy reads. Indeed.
You are not for sale
For anyone who uses Reddit regularly, this should come as no surprise: Reddit does "not sell or profit from the information you share" with the company, says the policy. This is repeated later in the document, which says that "your private information is never for sale."
"This means that we will only share your personal data with your consent, and after letting you know what information will be shared and with whom, unless it is otherwise permitted in this policy," it continues. "While advertisers may target their ads to the topic of a given subreddit, we do not sell or otherwise give access to any information collected about our users to any third party."
That is about as cut-and-dry as you can get with this kind of thing, and I'm glad to see that Reddit has decided to go with unequivocal commitments of respect for users' personal data.
The only time that Reddit will share personal information is with law enforcement, when required to do so by law. So don't go admitting to murder or anything idiotic like that.
Edit, don't just delete
While it's great that Reddit itself protects the private information you hand over to the company – which only includes username, password, the IP address of the computer on which you created the account, and your email address, if you choose to provide it – the biggest privacy problems may be entirely your fault. Reddit is, after all, a very popular public website – so if you leave a comment that includes some info you'd rather the whole world not know, bad things can happen.
Fortunately, Reddit allows users to both edit and delete comments. While deletion removes the comment from public view, editing is actually the best way to ensure that info you want to keep to yourself covered. Why? I'll let Harvey explain:
"We will still have access to a deleted comment," he writes. "So, yes, if you'd like to ensure that something is completely removed, editing would accomplish that."
Now, things get a bit complicated due to the fact that third parties, like the Uneddit Reddit browser extension, can archive versions of Reddit comment threads that let people see what you said before you edited a comment. Reddit does what it can to block such apps – Uneddit Reddit was kicked off the Google Chrome app store – it has not yet blocked them all.
So, as always, the best bet is to never post information that reveals your true identity on Reddit – not even once.
Who wants a cookie?
Reddit uses three types of cookies: preference cookies, which remember things like if you want to view age-restricted content even when you're logged out; authentication cookies, which allow you to log in to the site; advertising cookies, which are placed on your machine by Reddit's advertising partner, Adzerk (see Adzerk's privacy policy here); and analytics cookies, placed by Google Analytics, which Reddit uses to gauge traffic to the site.
You can block all cookies, if you like. But Reddit warns that "portions of the reddit website may not function as intended."
Delete me, bro
Deleting your account on Reddit is easy – and once you do so, "your public profile is no longer visible to users of the site," says Reddit. Your username will remain unusable by other visitors (in case you're worried about someone taking over your identity). And your username will be "disassociated with all posts."
That said, deleting your account does not delete all your posts ("self-posts," comments and submitted links). According to Harvey, Reddit staffers "want to give people who are deleting their accounts a way to also delete the content that they want to." However, there are "technical limitations" that currently stand in the way.
No kids allowed
For old timey redactors like myself, the site seems like it's been overrun by teenagers – with all their silly memes and high school problems and acronyms that we have to Google to understand. Luckily, Reddit complies with the Children's Online Privacy Protection Act (COPPA), and prohibits anyone under the age of 14 from using the site. Reddit asks that you report anyone 13 or younger, so they can kick them out. (Please do!)

Read more
Terms & Conditions: WhatsApp’s legalese is user-friendly … and hilarious
Terms & Conditions: WhatsApp

Nokia this week debuted the first ever phone to feature a dedicated WhatsApp button, the Asha 210. While the device likely won't land in the U.S. anytime soon, its very existence is a sign of how popular WhatsApp, a free alternative to text messaging, has become. (The app itself costs $0.99 for iPhone users. On other mobile operating systems, the app is free to download, and free to use for the first year. Subsequent years cost $0.99. There is no additional charge for sending messages using WhatsApp.) Founded in 2009 by Yahoo veterans Brian Acton and Jan Koum, WhatsApp currently boasts around 20 billion (yes, with a "b") message sent over its network every day – a milestone that the company recently used to claim that it's "bigger than Twitter."
Given the all but criminal prices wireless providers charge for text messaging plans – a service that, technically speaking, doesn't cost providers a penny – it's understandable that an app that lets you send messages to iPhones, Android and Windows Phone devices, BlackBerrys, and Nokia handsets for nothing would catch on. But what exactly are users giving up for such a steal? Let's dive into WhatsApp's terms of service and privacy policy to find out.
Terms of Service
While WhatsApp has thus far opted to not provide a summary of key provisions in its terms of service – a good practice that is becoming increasingly popular – the document itself is incredibly easy to read. It's still long, which likely means most people won't read it. But if you do, there's very little that will cause you to call up your contract lawyer friend for a translation. (We all have contract lawyer friends, right?) And when it comes to content, you cannot get better than WhatsApp – it's terms are very good for users. There are really no obvious red flags. Some of it is downright good advice. And it's even funny. When was the last time you read a terms of service that was funny? Never, that's when.
No terrorists allowed!
WhatsApp isn't for everybody. Specifically, the company forbids the use of its app by anyone under the age of 16, unless you are "an emancipated minor, or possess legal parental or guardian consent." Oh, and you can't use the app if you are "located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a 'terrorist-supporting' country." Hear that, terrorists? No WhatsApp for you!
Don't blame me
This is really just common sense – but worth noting, especially for you litigious parents out there: WhatsApp explains that it is not responsible for any third-party content accessed through its app. That means, if you clink on a link sent through WhatsApp, the company is not responsible for the content you access, or the privacy practices of that company.
What's your status?
We'll get into WhatsApp's privacy policy soon. But the terms of service has some important privacy information, as well. WhatsApp allows users to post various optional content – "status text, profile photos, and other communications" – as well as "last seen" info, which is posted automatically and tells users when you last used WhatsApp. All of these are collectively known as "Status Submissions" and are analogous to the status messages that show below your name in most chat applications. Unlike your private messages, Status Submission content can be seen by anyone who uses WhatsApp and has their your phone number stored in her or his phone. In other words, Status Submissions are basically public.
"A good rule of thumb is if you don’t want the whole world to know something or see something, don’t submit it as a Status Submission to the Service," says WhatsApps terms of service. Good advice.
That's not the end of the Status Submission warnings, however. The company also clarifies that you are not allowed to post any copyrighted content as your Status Submission. But, you can post porn as your Status Submission, if you so choose. Just make sure it is "identified as such" (and it's not infringing anyone's copyright). 
If you violate these guidelines, WhatsApp may go in and remove your Status Submission without asking permission. And it could even delete your account.
Just shut up
Speaking of having your account deleted, WhatsApp reserves the right to terminate your account for any reason whatsoever – a provision I generally view as bad for users. However, this time, I'm going to have to give WhatsApp a bit of a break – the provision is still in there, but the company seems to acknowledge the unfairness of kicking someone out of their service arbitrarily with some wink-wink-nudge-nudge humor.
"WhatsApp reserves the right to remove content and Status Submissions without prior notice," reads the ToS. "WhatsApp may also terminate a user's access to the Service, if they are determined to be a repeat infringer, or for any or no reason, including being annoying." (Emphasis mine.)
That's right, if you're annoying to WhatsApp's team, get ready to not have access to WhatsApp anymore. You could take that warning at face value – but it sounds to me like they know the delete-for-any-reason provision – which exists in the vast majority of Internet companies' terms of service covered here at T&C – is ridiculous. WhatsApp is just making that clear.
Do what you want
WhatsApp clarifies that you use the service "at your sole risk." Anything bad that happens as a result of using the app is not WhatsApp's fault. And you can't sue the company or its employees because of something bad that happens as a result of WhatsApp – including messages not being delivered, or only being partially delivered. As the company writes in big bold letters: "AS WITH THE PURCHASE OF A PRODUCT OR SERVICE THROUGH ANY MEDIUM OR IN ANY ENVIRONMENT, YOU SHOULD USE YOUR BEST JUDGMENT AND EXERCISE CAUTION WHERE APPROPRIATE. AND AGAIN, USE THIS JUST FOR FUN." (Emphasis theirs.)
This company just keeps getting more awesome, doesn't it?
Privacy Notice
Like WhatsApp's terms of service, its privacy policy is equally clear and easy to read. It outlines exactly the types of information it collects, and how that information is used. In short, it's exactly what a privacy policy should be.
Can I get your number?
The main piece of personal information that you must provide WhatsApp is your phone number – the service won't work without it. You may also have to provide a "push notification name" (username), billing information ("if applicable"), and "mobile device information" (what kind of smartphone you're using). Further, "WhatsApp will periodically access your address book or contact list on your mobile phone to locate the mobile phone numbers of other WhatsApp users."
Leave it out
Now, the info listed above is simply used to make the service work. WhatsApp does not collect information that it doesn't need, such as "names, emails, addresses or other contact information from its users’ mobile address book or contact lists other than mobile phone numbers." Even the names of your contacts remain uncollected – the pairing of names and phone numbers of your contacts happens entirely on your device, not on WhatsApp's servers.
Not a peep(ing Tom)
The content of messages you send over WhatsApp "are not copied, kept or archived by WhatsApp in the normal course of business," the company says. Messages are only stored for the amount of time it takes to deliver the message. If a message goes undelivered for 30 days – a user has to be online for delivery to take place – it's automatically deleted.
This isn't 'Nam, there are rules
WhatsApp only uses your "personally identifiable information" – information that can be linked back to you – for a few purposes. First, it will share you Status Submissions with any user that has your mobile number on their phone, as long as you haven't blocked that user. Second, it may share you personal information for marketing purposes – but only if you give the company permission to do so. (See more on its advertising policy below.) And finally, it will use your data (both the personally identifiable type, and anonymized type) to help make the service better – at least, that's the goal. "Hopefully we improve the WhatsApp Site and Service and don't make it suck worse," the company writes. Why can't more terms and privacy policies be written like this?
(Note: If WhatsApp is ever sold, or the company goes bankrupt, all of its rules about how your privacy is used may go out the window. That's basically always the case, with any company. But just keep that in mind – nothing is forever.)
Stay ad-free
The people at WhatsApp say explicitly that they "are not fans of advertising." Because of this, "WhatsApp is currently ad-free and we hope to keep it that way forever." Are you listening, every other company? Because this is what users want.
T&C Bonus:
This has nothing to do with WhatsApp specifically, but it's worth mentioning: The good folks at Newsbound have put together an extremely useful slideshow about privacy polices. It's a must-read for anyone who cares about how their information is used by companies. For instance, did you know that companies are not legally required to have a privacy policy at all? It's true – sadly. Learn about this and more in the slideshow below:

Read more
Terms & Conditions: Congress has privacy policies in its sights with CISPA
terms conditions congress has privacy policies in its sights with cispa t c feature

The purpose of Terms & Conditions is to parse through the terms of service and privacy polices of online sites or services. We at Digital Trends think this is important because these documents are legal contracts by which users and the company must abide. Privacy policies in particular tell us how our personal information will be collected and used by the company in question, providing us with protection in case the company violates its own rules. But thanks to a bill currently making its way through Congress, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA), the legal weight of all privacy polices may soon dwindle faster than a liposuction patient. So, for this week's T&C, we'll cut through the legal jargon of CISPA to see what the bill may mean for the future of online privacy rights.
CISPA, in short
CISPA is a cybersecurity bill that would allow for greater sharing of "cyber threat information" (CTI) between the federal government and businesses. Companies (like Facebook, Google, or Digital Trends) would be free to share CTI with the government, but would not be required to do so. The bill would also allow the federal government to more easily share classified information with businesses.
CISPA was originally introduced in 2012. The bill passed the House of Representatives the first time around, but failed to pass the Senate. Co-sponsors of the bill, Reps Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD), reintroduced the bill in February. CISPA passed the House on Thursday with a vote of 288 to 127.
The anti-CISPA position
Despite its seeming popularity in the House, CISPA remains enemy number one for civil liberty and Internet freedom advocates, who argue that the bill is too broadly written, allowing the government – especially secretive military sectors, like the National Security Agency (NSA) – to get their mitts on citizens' personal information. 
"CISPA's information sharing regime allows the transfer of vast amounts of data, including sensitive information like Internet records of the contents of emails, to any agency in the government including the military and intelligence agencies like the National Security Administration or the Department of Cyber Command," wrote a coalition of citizen rights groups in a letter (PDF) to Congress opposing CISPA last month. "Once in government hands, this information can be used for undefined 'national security' purposes unrelated to cyber security."
At the heart of the CISPA opposition is a provision that allows companies to share CTI with "any other entity, including the federal government" with complete impunity – "not withstanding any other provision of law" – which means that companies that share CTI may not be sued or convicted of criminal wrongdoing, no matter what any other law or their own privacy policies say. This is the reason CISPA is problematic.
The pro-CISPA position
Champions of CISPA say the bill is necessary to protect U.S. critical infrastructure networks – things like electrical and water supply systems – from being attacked through computer network. Furthmore, CISPA supporters firmly reject the idea that the bill would hurt individual privacy or Internet freedom. 
"The Cyber Intelligence Sharing and Protection Act allows us to take that first critical step of sharing information in a way that is effective but still protects our civil liberties," wrote Rep. Rogers in a US News & World Report op-ed on Wednesday. "… Most importantly, under the bill, information sharing by the private sector is voluntary, with strong controls to ensure that personal information is protected. It allows only information directly pertaining to threats or vulnerabilities to be shared for the explicit purpose of protecting systems and networks from such threats, and it allows those in the private sector to minimize or anonymize the information shared based on their own determination of what is minimally necessary to address those threats." 
In addition to its support in Congress, CISPA enjoys backing from major U.S. telecommunications providers, including AT&T and Verizon, as well as that of lobbying organizations that represent companies like Google and Amazon. 
What happens next with CISPA?
CISPA will now move to the Senate for debate. Like last year's movement over CISPA, however, the bill faces an increasingly steep uphill battle. The most powerful CISPA opponent is President Barack Obama who issued a veto threat (PDF) on the basis that it "fails to provide authorities to ensure that the nation’s core critical infrastructure is protected while repealing important provisions" of privacy law. 
In addition, Internet freedom group Fight for the Future has launched a campaign to get Rep. Rogers, who recently characterized CISPA opponents as a "14-year-old tweeter in the basement," to debate an actual 14-year-old over the merits of the legislation.

Read more